VARIoT latest news about IoT security

Microsoft Windows Codecs Library RCE (January 2022) Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21917

5 Critical Code Vulnerabilities To Avoid At All Cost Trust: 3.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 10:32 a.m.	Vulnerabilities: default password, password guessing, cross-site scripting...

Affected products

External IDs

vendor:

serve

model:

serve

ESB-2021.4004.7 Related entries in the VARIoT vulnerabilities database: VAR-202109-1803, VAR-202109-1805, VAR-202109-1804, VAR-202109-1802 Trust: 5.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 21, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	cisco prime collaboration assurance
vendor:	cisco systems	model:	fxos
vendor:	cisco systems	model:	prime network
vendor:	cisco systems	model:	hosted collaboration mediation fulfillment
vendor:	cisco systems	model:	video surveillance media server
vendor:	cisco systems	model:	cisco telepresence
vendor:	cisco systems	model:	cisco policy suite
vendor:	cisco systems	model:	firepower management center
vendor:	cisco systems	model:	wide area application services
vendor:	cisco systems	model:	security manager
vendor:	cisco systems	model:	unified communications manager session management edition
vendor:	cisco systems	model:	cisco prime network services controller
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	unified communications manager im & presence service
vendor:	cisco systems	model:	cisco prime optical
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco expressway
vendor:	cisco systems	model:	cisco ucs manager
vendor:	cisco systems	model:	ucs director
vendor:	cisco systems	model:	ucs central software
vendor:	cisco systems	model:	unified communications
vendor:	cisco systems	model:	virtual security gateway
vendor:	cisco systems	model:	cloud services platform
vendor:	cisco systems	model:	firepower
vendor:	cisco systems	model:	cisco prime infrastructure
vendor:	cisco systems	model:	unified communications domain manager
vendor:	cisco systems	model:	prime collaboration
vendor:	cisco systems	model:	policy suite
vendor:	cisco systems	model:	prime collaboration provisioning
vendor:	cisco systems	model:	cisco security manager
vendor:	cisco systems	model:	prime infrastructure
vendor:	cisco systems	model:	cisco cloud services platform 2100
vendor:	cisco systems	model:	prime network services controller
vendor:	cisco systems	model:	unified communications manager
vendor:	cisco systems	model:	cisco firepower management center
vendor:	cisco systems	model:	expressway
vendor:	cisco systems	model:	cisco socialminer
vendor:	cisco systems	model:	nexus
vendor:	cisco systems	model:	cisco virtual topology system
vendor:	cisco systems	model:	cisco prime collaboration provisioning
vendor:	cisco systems	model:	cisco ucs director
vendor:	cisco systems	model:	virtual topology system
vendor:	cisco systems	model:	ucs manager
vendor:	cisco systems	model:	dna center
vendor:	cisco systems	model:	cisco unified communications domain manager
vendor:	cisco systems	model:	smart net total care
vendor:	cisco systems	model:	cisco prime collaboration
vendor:	cisco systems	model:	telepresence
vendor:	cisco systems	model:	cisco prime network
vendor:	cisco systems	model:	expressway series
vendor:	cisco systems	model:	prime collaboration assurance
vendor:	cisco systems	model:	cisco unified communications manager
vendor:	cisco systems	model:	cloud services platform 2100
vendor:	cisco systems	model:	socialminer
vendor:	cisco systems	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco systems	model:	prime optical
vendor:	cisco systems	model:	firepower threat defense
vendor:	cisco	model:	cisco prime collaboration assurance
vendor:	cisco	model:	fxos
vendor:	cisco	model:	prime network
vendor:	cisco	model:	hosted collaboration mediation fulfillment
vendor:	cisco	model:	video surveillance media server
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	wide area application services
vendor:	cisco	model:	security manager
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco prime network services controller
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	cisco prime optical
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco	model:	ucs director
vendor:	cisco	model:	ucs central software
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	virtual security gateway
vendor:	cisco	model:	cloud services platform
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	unified communications domain manager
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	prime collaboration provisioning
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco cloud services platform 2100
vendor:	cisco	model:	prime network services controller
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco socialminer
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco virtual topology system
vendor:	cisco	model:	cisco prime collaboration provisioning
vendor:	cisco	model:	cisco ucs director
vendor:	cisco	model:	virtual topology system
vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco unified communications domain manager
vendor:	cisco	model:	smart net total care
vendor:	cisco	model:	cisco prime collaboration
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco prime network
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	prime collaboration assurance
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cloud services platform 2100
vendor:	cisco	model:	socialminer
vendor:	cisco	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco	model:	prime optical
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-39275, CVE-2021-34798, CVE-2021-36160, CVE-2021-40438, CVE-2021-33193

Researchers Find Four Security Flaws Affecting Microsoft Teams Trust: 5.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 23, 2021, 11:28 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

node.js

model:

node.js

Microsoft Patch Tuesday - January 2022 - Lansweeper Related entries in the VARIoT vulnerabilities database: VAR-202201-0640, VAR-202201-0580, VAR-202107-1503, VAR-202109-1789 Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 11, 2022, 7:06 p.m.	Vulnerabilities: security feature bypass, denial of service, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21858, CVE-2022-21841, CVE-2022-21865, CVE-2022-21892, CVE-2022-21875, CVE-2022-21874, CVE-2022-21857, CVE-2022-21870, CVE-2022-21885, CVE-2022-21963, CVE-2022-21961, CVE-2022-21883, CVE-2022-21958, CVE-2022-21868, CVE-2022-21879, CVE-2022-21918, CVE-2022-21877, CVE-2022-21860, CVE-2022-21919, CVE-2022-21898, CVE-2022-21896, CVE-2022-21859, CVE-2022-21962, CVE-2022-21915, CVE-2022-21869, CVE-2022-21891, CVE-2022-21884, CVE-2022-21881, CVE-2022-21890, CVE-2022-21836, CVE-2022-21922, CVE-2022-21897, CVE-2022-21871, CVE-2022-21848, CVE-2022-21932, CVE-2022-21917, CVE-2022-21840, CVE-2022-21847, CVE-2022-21882, CVE-2022-21863, CVE-2022-21878, CVE-2022-21861, CVE-2022-21843, CVE-2022-21852, CVE-2022-21851, CVE-2022-21916, CVE-2022-21928, CVE-2022-21913, CVE-2022-21895, CVE-2022-21837, CVE-2022-21839, CVE-2022-21900, CVE-2022-21912, CVE-2022-21907, CVE-2022-21911, CVE-2022-21846, CVE-2022-21889, CVE-2022-21834, CVE-2022-21920, CVE-2022-21904, CVE-2021-36976, CVE-2022-21855, CVE-2022-21914, CVE-2022-21960, CVE-2022-21880, CVE-2022-21862, CVE-2022-21849, CVE-2022-21864, CVE-2022-21866, CVE-2022-21842, CVE-2022-21921, CVE-2022-21833, CVE-2022-21906, CVE-2022-21899, CVE-2022-21908, CVE-2022-21910, CVE-2021-22947, CVE-2022-21835, CVE-2022-21924, CVE-2022-21905, CVE-2022-21903, CVE-2022-21893, CVE-2022-21894, CVE-2022-21888, CVE-2022-21873, CVE-2022-21838, CVE-2022-21964, CVE-2022-21876, CVE-2022-21872, CVE-2022-21969, CVE-2022-21850, CVE-2022-21901, CVE-2022-21887, CVE-2022-21902, CVE-2022-21959, CVE-2022-21867, CVE-2022-21925

Statement on Apache Log4j2 Vulnerability \| TP-Link United Kingdom Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 3.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 6, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	pharos	model:	pharos
vendor:	mesh	model:	mesh
vendor:	tp-link	model:	routers

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

💬1 - Penetration Testing - What, Why & How - A Complete Guide Trust: 3.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 7, 2022, 2:20 p.m.	Vulnerabilities: denial of service, system crash, code injection...

Affected products

External IDs

vendor:

google

model:

android

'doorLock' - A persistent denial of service flaw affecting iOS 15.2 - iOS 14.7Security Affairs Trust: 3.25 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 3, 2022, 10:23 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Cyber Security Review - News • Insights • Analysis Related entries in the VARIoT vulnerabilities database: VAR-202111-0660 Trust: 5.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:

kcodes

model:

netusb

db:

NVD

ids:

CVE-2021-42278, CVE-2021-42287

KCodes NetUSB Security Flaw Risks Millions of Devices Related entries in the VARIoT vulnerabilities database: VAR-202112-2341 Trust: 5.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 11, 2022, 7:36 p.m.	Vulnerabilities: buffer overflow, integer overflow, code execution

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	tenda	model:	router
vendor:	kcodes	model:	netusb
vendor:	netgear	model:	router
vendor:	dlink	model:	router

db:

NVD

ids:

CVE-2021-45388, CVE-2021-45608

PSIRT - Huawei Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

RedTeam Pentesting - Blog - Inside a PBX - Discovering a Firmware Backdoor Trust: 3.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	lighttpd	model:	lighttpd
vendor:	u-boot	model:	das u-boot

db:

NVD

ids:

CVE-2021-40857, CVE-2021-40856, CVE-2021-40859

6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment \| Qualys Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 3.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 5:41 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228, CVE-2021-4228, CVE-2021-45046

4 Steps to Improve Your Vulnerability Management Process Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: denial of service

Affected products	External IDs

Zloader Banking Malware Uses Microsoft E-Signature Tool Vulnerability to Steal Sensitive Credentials \| Tech Times Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 5, 2022, 2:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

db:

NVD

ids:

CVE-2020-1599, CVE-2012-0151, CVE-2013-3900

The securities vulnerabilities of Iot Devices in the Medical Field - Qualified Scholars Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 8, 2022, 3:03 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

CVE-2021-44832: New Vulnerability Found in Apache Log4j - Netskope Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-0562, VAR-202112-0566 Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44832, CVE-2021-45046, CVE-2021-44228

Security Notification - Apache Log4j Vulnerability (Log4Shell) \| Schneider Electric Related entries in the VARIoT vulnerabilities database: VAR-202112-1782 Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105

Log4j: Tokyo Drift \| Digital Shadows Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 4.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 22, 2021, 8:38 p.m.	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

Let's Check Your Device For Malicious Software Facebook Mac Related entries in the VARIoT vulnerabilities database: VAR-202005-0698 Trust: 4.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 9, 2022, 3:53 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	serve	model:	serve
vendor:	cisco	model:	prime network
vendor:	cisco	model:	management appliance
vendor:	cisco	model:	unified contact center express
vendor:	cisco	model:	cisco prime network
vendor:	cisco	model:	network registrar
vendor:	cisco	model:	cisco unified contact center express
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	prime collaboration provisioning
vendor:	cisco	model:	mds 9000 series
vendor:	cisco	model:	cisco prime collaboration provisioning
vendor:	cisco	model:	prime network registrar
vendor:	cisco	model:	cisco prime network registrar
vendor:	cisco	model:	series
vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	cisco prime collaboration
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2020-3280

VARIoT news about IoT security